PT-2022-6091 · Fortinet · Fortianalyzer+1

Published

2022-07-05

Updated

2022-07-27

CVE-2022-27483

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Fortinet FortiManager versions 6.0.x through 7.0.3 Fortinet FortiAnalyzer versions 6.0.x through 7.0.3

Description The issue exists due to improper neutralization of special elements used in an operating system command, allowing an attacker to execute arbitrary shell code as the root user via diagnose system CLI commands.

Recommendations For Fortinet FortiManager versions 6.0.x through 7.0.3, consider disabling the diagnose system CLI commands until a patch is available. For Fortinet FortiAnalyzer versions 6.0.x through 7.0.3, consider disabling the diagnose system CLI commands until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2023-00029

CVE-2022-27483

Affected Products

Fortianalyzer

Fortimanager

PT-2022-6091 · Fortinet · Fortianalyzer+1

CVE-2022-27483

Weakness Enumeration

Related Identifiers

Affected Products

References · 6